package _3preparedStatement;

import java.sql.*;

import _2工具类.DbUtils;
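public class TestDemo {
	/**
	 * Demonstrates a login check done with a {@link PreparedStatement}.
	 *
	 * <p>The commented-out block at the top of the method is the string-concatenation
	 * version: with {@code password = "1' or '1'='1"} the quote characters become part
	 * of the SQL text and the WHERE clause is always true. The live code binds both
	 * values with {@code setString}, so the driver sends them as data and the same
	 * input is compared literally against the stored password. (The demo compares a
	 * plaintext password in SQL; that is for illustration only.)
	 *
	 * @param args unused
	 * @throws SQLException if obtaining the connection or running the query fails
	 */
	public static void main(String[] args) throws SQLException {
		// Vulnerable version, kept for comparison: the password value is spliced
		// straight into the SQL text.
//		Connection conn = DbUtils.getConnection();
//		Statement stmt = conn.createStatement();
//		String username = "admin";
////		String password = "123457";
//		String password = "1' or '1'='1";
//		String sql = "select count(*) from user where username='"
//				+username
//				+"' and password='"
//				+password+"'";
//		ResultSet rs = stmt.executeQuery(sql);
//		if(rs.next())
//		{
//			int result = rs.getInt(1);
//			System.out.println(result==1?"되쩌냥묘":"되쩌呵겨");
//		}
//		
//		DbUtils.destoryResource(conn, null, rs);

		String sql = "select count(*) from user where username = ? and password = ?";
		String username = "admin";
//		String password = "123457";
		String password = "1' or '1'='1";

		// try-with-resources releases the connection, statement and result set on
		// every path, including when executeQuery throws; the original only released
		// conn and rs on the success path and never closed stmt at all.
		try (Connection conn = DbUtils.getConnection();
				PreparedStatement stmt = conn.prepareStatement(sql)) {
			// Placeholders are bound as values: the quotes in `password` are not
			// interpreted as SQL syntax.
			stmt.setString(1, username);
			stmt.setString(2, password);
			try (ResultSet rs = stmt.executeQuery()) {
				if (rs.next()) {
					int result = rs.getInt(1);
					System.out.println(result == 1 ? "되쩌냥묘" : "되쩌呵겨");
				}
			}
		}
	}
}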
